We use cookies. Find out about cookies here. By continuing to browse this site you are agreeing to our use of cookies.

Threat Intelligence Engineer, Virtual Location ..., Washington

CategorySystems, Quality, & Security Engineering
Job typeFull Time
CountryUnited States of America
CityVirtual Location - Washington
Amazon Customer Service is one of the largest customer service organizations in the world. Our tens of thousands of Customer Service Associates around the globe provide world-class support to customers 24 hours a day, 7 days a week, and in over 15 languages (and growing).

The Customer Service Security Threat Intel team is responsible for developing actionable intelligence on insider threats and advanced cyber threats to our services and our customers. We collect indicators and intelligence from a variety of internal and external sources and use that information to develop an understanding of threat actors and their tactics, techniques, and procedures. We then leverage that understanding to proactively identify and mitigate malicious activity.
We are seeking a technically skilled, strategically minded Threat Intelligence Engineer to help develop our threat intelligence program. The ideal candidate should be familiar with threat intelligence principles and have experience in a proactive environment seeking out information in furtherance of an intelligence driven strategy. This candidate should be familiar with threat actor TTPs, analyzing large amounts of data, and OSINT concepts. He or she will help enhance our capabilities by formulating new analytic techniques and working across teams to drive the supporting capabilities. Candidates should have a solid understanding of network and host-based indicators and how to best leverage them. He or she should be able to help automate recurring tasks to improve the overall effectiveness of the team.

Key Responsibilities:
• Perform deep dive analysis of malicious artifacts.
• Analyze large and unstructured data sets to identify trends and anomalies indicative of malicious activities.
• Analyze telemetry data to identify signals indicative of sophisticated fraud actors.
• Produce high-quality written, actionable intelligence on current and developing threats
• Provide timely, relevant, and proactive analysis in support of Amazon Customer Service teams
• Create security techniques and automation for internal use that enable the team to operate at high speed and broad scale
• Drive engagement across Customer Service teams to establish trust relationships
• Develop and review requirements for intelligence products
• Track and report team progress using metrics that capture impact and value
• Identify stakeholder needs and drive projects to improve the dissemination of actionable intelligence through automation or education
• Take large, complex projects and break them down into manageable pieces, develop functional specifications, then deliver them in a successful and timely manner.
• Deep dive and analyze key business performance metrics, identify gaps, create plans to mitigate and drive to closure.
• Develop, track, and report on key program performance metrics. Balance the business needs versus technical constraints.

Basic Qualifications:
• BS in Computer Science, Engineering, or related field, or equivalent technology related work experience
• 2+ years of experience in threat intelligence, cybercrime investigations/intelligence, tracking threat actor behaviors, including investigating, researching, or analyzing online fraud actor TTPs (Tactics, Techniques and Procedures), or attribution research.
• Experience in C, C++, Python, PowerShell, or Bash
• Able to work in a diverse team

Preferred Qualifications:
• MS degree in Computer Science, MIS, Computer Engineering
• 5+ years of experience in Threat Intelligence research and analysis, particularly nation states and APTs
• Strong oral and written communication skills with the ability to present complex information in a clear and concise manner to a variety of audiences
• Thorough understanding of insider threat related issues
• Experience with malware analysis, network flow analysis and large-scale data analysis.
• Experience with threat modeling or other risk identification techniques
• Strong organizational and multitasking skills with ability to balance competing priorities
• Proficiency in AWS services, Splunk, and ASFF
• Ability to make concrete progress in the face of ambiguity and imperfect knowledge
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us